Closed
Bug 1281644
Opened 8 years ago
Closed 8 years ago
Log URLs in builds-4hr should all use HTTPS to avoid mixed content breakage of the reftest analyser
Categories
(Release Engineering :: General, defect, P1)
Release Engineering
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mchang, Assigned: emorley)
References
Details
Attachments
(3 files)
|
58 bytes,
text/x-review-board-request
|
nthomas
:
review+
rail
:
checked-in+
|
Details |
|
66 bytes,
text/x-github-pull-request
|
oremj
:
review+
|
Details | Review |
|
861 bytes,
patch
|
rail
:
review+
emorley
:
checked-in+
|
Details | Diff | Splinter Review |
When trying to view a reftest log through try pushes on Windows, the log never shows up. See for example: https://treeherder.mozilla.org/#/jobs?repo=try&revision=afa0986611d8&selectedJob=22738463 Click on the reftest log, see "loading". From the log URL, the file doesn't actually exist, so something with either linking the correct log or the log isn't being saved seems to be the problem.
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
|
Assignee | |
Comment 6•8 years ago
|
||
Console says: Blocked loading mixed active content “http://archive.mozilla.org/pub/firefox/try-builds/mchang@mozilla.com-afa0986611d88b7707d195e4ab9982276477bfe4/try-win64-debug/try_win8_64-debug_test-reftest-no-accel-bm110-tests1-windows-build2.txt.gz” Regression from bug 1117583, though with bug 1200501 coming up we'd have hit it anyway. Log URLs will likely need to be all HTTPS - or else a server-side log fetching component created, given I don't believe there's any way to work around the mixed content blocking client side (even though it's "only" a log). Ben, is there a bug filed for this/does it seem viable? (The archive.mozilla.org log URL mentioned above works over HTTPS too).
| Comment hidden (obsolete) |
|
|
Assignee | |
Updated•8 years ago
|
|
|
Assignee | |
Updated•8 years ago
|
Priority: -- → P1
Summary: Windows reftest analyzer isn't showing up in try → Reftest analyser stuck on "Loading log..." with non-https log URLs
|
||
Comment 8•8 years ago
|
||
As a workaround for now, you can click the broken lock icon on the URL bar and disable protection from the ensuing dropdown.
|
||
Comment 9•8 years ago
|
||
(In reply to Ed Morley [:emorley] from comment #6) > Console says: > > Blocked loading mixed active content > “http://archive.mozilla.org/pub/firefox/try-builds/mchang@mozilla.com- > afa0986611d88b7707d195e4ab9982276477bfe4/try-win64-debug/try_win8_64- > debug_test-reftest-no-accel-bm110-tests1-windows-build2.txt.gz” > > Regression from bug 1117583, though with bug 1200501 coming up we'd have hit > it anyway. > > Log URLs will likely need to be all HTTPS - or else a server-side log > fetching component created, given I don't believe there's any way to work > around the mixed content blocking client side (even though it's "only" a > log). > > Ben, is there a bug filed for this/does it seem viable? > (The archive.mozilla.org log URL mentioned above works over HTTPS too). I'm probably not the best person to ask, but since HTTPS already works I would assume it would continue to. Rail is probably a better person to ask, but away at the moment.
Flags: needinfo?(bhearsum)
|
|
Assignee | |
Comment 10•8 years ago
|
||
Rail, I don't suppose you could help us with this? :-) archive.mozilla.org is accessible over HTTPS, so I'm hoping it shouldn't be too hard to make all log URLs in builds-4hr be HTTPS rather than the current HTTP URLs, which will avoid the mixed content issues we're seeing with the reftest analyser, now that we serve the reftest analyser over HTTPS. Thanks!
Component: Treeherder: Log Viewer → General Automation
Flags: needinfo?(rail)
Product: Tree Management → Release Engineering
QA Contact: catlee
Summary: Reftest analyser stuck on "Loading log..." with non-https log URLs → Log URLs in builds-4hr should all use HTTPS to avoid mixed content breakage of the reftest analyser
|
||
Comment 11•8 years ago
|
||
I'm not 100% familiar with that part but there are some clues. :) The URLs are set implicitly in https://dxr.mozilla.org/build-central/source/buildbotcustom/bin/postrun.py#108 and https://dxr.mozilla.org/build-central/source/buildbotcustom/bin/try_mailer.py#50 (the latter should be fixed to accept https). The URLs are printed by https://dxr.mozilla.org/build-central/source/buildbotcustom/bin/log_uploader.py#408, which uses https://dxr.mozilla.org/build-central/source/buildbotcustom/process/factory.py#144 post_upload.py, which is actually a Go program :D https://github.com/mozilla-services/product-delivery-tools/tree/master/post_upload post_upload accepts --url-prefix, which is http://archive.mozilla.org/ by default. We can either ask the cloudops team to change the default value or explicitly pass it.
Flags: needinfo?(rail)
|
|
Assignee | |
Comment 12•8 years ago
|
||
Ah thank you :-) I must admit it's slightly confusing that post_upload.py is not: https://dxr.mozilla.org/build-central/source/tools/stage/post_upload.py but instead that Go program, but at least that explains why https://dxr.mozilla.org/build-central/ came up empty for where we were setting 'archive.mozilla.org'.
|
|
Assignee | |
Comment 13•8 years ago
|
||
Nick, as someone who's touched those files most recently, do you have a preference here? (As to changing the product-delivery-tools post_upload default vs passing the --url-prefix param) I'm not familiar with how many things this will affect (eg do binary or mar uploads use the same tool? in which case just using --url-prefix for the log cases might be less risky) In addition to the locations mentioned in comment 11, I've also found: https://dxr.mozilla.org/build-central/source/tools/lib/python/build/upload.py ...which seems to be a dupe of the factory.py function.
Flags: needinfo?(nthomas)
|
|
||
Comment 14•8 years ago
|
||
I totally agree! :) But was the easiest way to switch to S3 for everybody. Probably it's a good idea to kill https://dxr.mozilla.org/build-central/source/tools/stage/post_upload.py. Let me do that.
|
|
Assignee | |
Comment 15•8 years ago
|
||
> Probably it's a good idea to kill
> https://dxr.mozilla.org/build-central/source/tools/stage/post_upload.py
Ah that would be great :-)
Perhaps also a comment at the couple of mentions of `post_upload.py` pointing to the GitHub repo would help too?|
|
||
Comment 16•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/62428/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/62428/
Attachment #8768111 -
Flags: review?(nthomas)
|
||
Updated•8 years ago
|
Attachment #8768111 -
Flags: review?(nthomas) → review+
|
|
||
Comment 17•8 years ago
|
||
Comment on attachment 8768111 [details] Bug 1281644 - Kill post_upload.py https://reviewboard.mozilla.org/r/62428/#review59344 With fire, kill it.
|
|
||
Comment 18•8 years ago
|
||
I thought this bug seemed familiar and then recalled bug 1225303. Looks like I was pointing some machines may not cope with new certs with old CA bundles if we globally went to https:// in post_upload output. Things have moved on a bit since then - we're using funsize for all update generation, files for tests get downloaded from taskcluster, and release promotion moved that way a lot too - all of which helps. Bug 1250629 might have brought l10n into play through download of the en-US build, but probably not - we're using https://ftp-ssl.mozilla.org/pub/mozilla.org/firefox/bundles in some places, and that's actually a common cert with archive.m.o. ie we'd be broken already. So I think we should be OK to make a global change in post_upload. If we find some reason that's not true I'd suggesting modifying log_uploader.py to pass --url-prefix.
Flags: needinfo?(nthomas)
|
|
||
Comment 19•8 years ago
|
||
Comment on attachment 8768111 [details] Bug 1281644 - Kill post_upload.py https://hg.mozilla.org/build/tools/rev/a7e91263a4f1
Attachment #8768111 -
Flags: checked-in+
|
|
Assignee | |
Comment 21•8 years ago
|
||
|
|
Assignee | |
Comment 22•8 years ago
|
||
Attachment #8775903 -
Flags: review?(rail)
|
|
||
Updated•8 years ago
|
Attachment #8775903 -
Flags: review?(rail) → review+
|
|
Assignee | |
Comment 23•8 years ago
|
||
Comment on attachment 8775903 [details] [diff] [review] try_mailer: Support extracting HTTPS URLs from logs remote: https://hg.mozilla.org/build/buildbotcustom/rev/d4c85e2ea3b4
Attachment #8775903 -
Flags: checked-in+
|
|
||
Comment 24•8 years ago
|
||
Merged to production - https://hg.mozilla.org/build/buildbotcustom/rev/61610b08ca2d
|
|
Assignee | |
Comment 25•8 years ago
|
||
The post_upload GitHub PR was merged, and I've opened an issue asking for a new release to pick up the fix: https://github.com/mozilla-services/product-delivery-tools/issues/45 Once that's released, what's the process for updating the binary use in production? Thanks :-)
Flags: needinfo?(nthomas)
|
|
||
Comment 26•8 years ago
|
||
A new binary deployed by issue 45 should be all you need.
Flags: needinfo?(nthomas)
|
|
Assignee | |
Comment 28•8 years ago
|
||
(In reply to Ed Morley [:emorley] from comment #25) > The post_upload GitHub PR was merged, and I've opened an issue asking for a > new release to pick up the fix: > https://github.com/mozilla-services/product-delivery-tools/issues/45 Jeremy, I don't suppose you could take a look at this?
Flags: needinfo?(oremj)
|
||
Updated•8 years ago
|
Attachment #8775902 -
Flags: review?(oremj) → review+
|
|
Assignee | |
Comment 30•8 years ago
|
||
This is now in production. Thank you all :-)
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Component: General Automation → General
You need to log in
before you can comment on or make changes to this bug.
Description
•